Install Pritunl VPN Server and Client on Debian 11: Free VPN Solution

This tutorial is designed to guide you through the process of installing Install Pritunl VPN Server and Client on Debian 11. Pritunl is a powerful, open-source platform that allows you to create and manage distributed VPN networks. Utilizing the OpenVPN protocol, Pritunl offers a flexible solution for setting up virtual network architectures, with features varying based on the chosen licensing model. This allows for secure remote access and network connectivity.

Follow the step-by-step instructions provided below to successfully complete the Pritunl VPN setup on your Debian 11 server.

Before you begin, ensure you have SSH access to a Debian 11 server as a non-root user with sudo privileges. If you haven’t already, you can set this up by following a guide on initial server setup with Debian 11.

1. Required Packages for Pritunl VPN Setup

First, update your server’s package index and upgrade existing packages to the latest versions. This ensures you have the most recent dependencies.

sudo apt update && sudo apt upgrade -y

Next, install the necessary packages that Pritunl and its dependencies require. This includes tools for managing repositories, handling cryptographic keys, and downloading files.

sudo apt install gpg curl gnupg2 software-properties-common apt-transport-https lsb-release ca-certificates -y

Now that the essential packages are installed, proceed to add the MongoDB and Pritunl VPN server repositories to your Debian 11 system.

2. Add MongoDB GPG Key and Repository on Debian 11

Pritunl relies on MongoDB as its database backend. Therefore, you need to add the official MongoDB repository to your system. Start by importing the MongoDB APT repository keys. This verifies the authenticity of the packages you’ll be installing.

curl -fsSL https://www.mongodb.org/static/pgp/server-5.0.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/mongodb-5.gpg

Then, add the MongoDB repository to your APT sources list. This tells APT where to find the MongoDB packages.

echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list

3. Add Pritunl GPG Key and Repository on Debian 11

Similarly, add the Pritunl repository to your system. This allows APT to find and install the Pritunl VPN server package. First, import the Pritunl GPG key to verify the packages.

# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7AE645C0CF8E292A

**<mark>Output</mark>**
gpg: key 7AE645C0CF8E292A: public key "Pritunl <contact@pritunl.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Add the Pritunl repository to your APT sources list. The lsb_release -cs command automatically determines your Debian codename (e.g., bullseye).

echo "deb http://repo.pritunl.com/stable/apt $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/pritunl.list

4. Install Pritunl and MongoDB on Debian 11

With both repositories added, update your system’s package index to include the new packages. Then, install both the pritunl and mongodb-org packages.

# sudo apt update
# sudo apt install mongodb-org pritunl -y

Start the pritunl and mongod services, and enable them to start automatically at boot.

# sudo systemctl start pritunl mongod
# sudo systemctl enable pritunl mongod

5. Configure and Access Pritunl VPN Server on Debian 11

Access the Pritunl VPN server web interface by navigating to your server’s IP address in your web browser.

http://<mark>your-server-ip</mark>

You should see the following screen:

Install Pritunl VPN Server and Client on Debian 11 — Pritunl database setup

To proceed, you’ll need the Setup Key. Retrieve this key by running the following command in your terminal:

sudo pritunl setup-key

**<mark>Output</mark>**
96bd9c9b8712461b9eeb8c4666e34d11

Enter the setup key into the web interface and click Save. You will then be presented with the Pritunl VPN Server sign-in screen on Debian 11.

Pritunl sign-in screen Debian 11 — Pritunl sign-in screen

To log in, you need the default username and password. Obtain these by running the command below:

sudo pritunl default-password

**<mark>Output</mark>**
Administrator default password:
  username: "pritunl"
  password: "UeTQpPSvy6un"

Enter the username and password on the login screen and click Sign in. This will bring you to the initial setup page, where you can change the admin user credentials, set the domain, and configure Let’s Encrypt SSL. You can configure these settings now, or set them up later. Once you are done, click Save.

Pritunl Initial Setup — Initial Pritunl VPN Setup

You can now configure organizations, users, and servers from the Pritunl dashboard on Debian 11.

Pritunl dashboard Debian 11 — Pritunl dashboard

Add Organizations To Pritunl

Click on Users to manage VPN users. Users are grouped into organizations and mapped to servers.

Pritunl Users and Organizations — Users and Organizations

Create a new organization by clicking "Add organization", specifying a name, and clicking "Add".

Pritunl Add Organization — Add Organization

Add VPN Server To Pritunl

Create a VPN server on Debian 11 by clicking on "servers" and then "Add server".

Provide the required server information and click "Add".

Pritunl Add Server Debian 11 — Add Server

Attach the server to an organization by clicking on "Attach organization" and choosing your organization.

Pritunl Attach organization — Attach organization

Add Users To Pritunl

Create user profiles on your VPN server on Debian 11 by clicking on "Add user". Enter the necessary information and click "Add".

Pritunl Add VPN User Debian 11 — Add User

Note: To add multiple users at once, use the "Bulk Add user" function on the web interface.

6. Install and Configure Pritunl VPN Client

Visit the Pritunl VPN clients page and download the appropriate client for your operating system. The installation process is described on the official page. In this example, we’ve downloaded the Windows Client.

Once the VPN client is installed, log in to the Pritunl VPN server and download the user profile. Click on "Users", select the user, and click the download icon to get the user profile.

Download User Profile

Launch your Pritunl VPN client and choose "Import Profile".

Import Profile

Locate the user’s profile .tar file that you downloaded and import it, or use the Client URL. You’ll then be able to connect to the Pritunl VPN server.

Import Client Profile

Pritunl VPN Client Debian 11 — Pritunl VPN Setup Client

That’s it! You’ve completed the Install Pritunl VPN Server and Client on Debian 11.

Conclusion

Pritunl VPN server offers a way to secure internet traffic, facilitate remote work, and connect devices or networks privately and efficiently. This tutorial showed you how to Install Pritunl VPN Server and Client on Debian 11.

Now that you’ve completed the Pritunl VPN setup, you might also find these articles helpful:

Alternative Solutions for Setting up a VPN on Debian 11

While Pritunl offers a user-friendly web interface for managing OpenVPN, other VPN solutions exist, each with its own strengths and weaknesses. Here are two alternative approaches to setting up a VPN on Debian 11:

1. Using OpenVPN Directly:

OpenVPN is the underlying protocol that Pritunl uses. You can configure OpenVPN directly without a management interface. This approach offers more control and customization but requires a deeper understanding of VPN configuration.

Explanation: Configuring OpenVPN directly involves manually creating and managing configuration files for both the server and the clients. This includes setting up certificates, defining network parameters, and configuring firewall rules. While it requires more technical expertise, it allows for fine-grained control over every aspect of the VPN. This method for Install Pritunl VPN Server and Client on Debian 11 is a little bit different.
Steps (Simplified):
1. Install OpenVPN and Easy-RSA:
```
sudo apt install openvpn easy-rsa
```
2. Generate Certificates: Use Easy-RSA to create a Certificate Authority (CA) and server/client certificates. This is a crucial step for secure communication.
3. Configure the OpenVPN Server: Create a server configuration file (/etc/openvpn/server.conf) with settings like port, protocol, encryption cipher, and network topology.
4. Configure Clients: Create client configuration files with the server’s address, port, and the client’s certificate and key.
5. Start the OpenVPN Service:
```
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
```
6. Configure Firewall: Allow OpenVPN traffic through the firewall (usually UDP port 1194).

Code Example (Snippet from server.conf):

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

This configuration snippet specifies the port, protocol, network device (tun), certificate paths, and pushes DNS settings to clients. Remember to replace ca.crt, server.crt, server.key, and dh.pem with the actual paths to your generated certificate files. This is an advanced method to Install Pritunl VPN Server and Client on Debian 11.

2. Using WireGuard:

WireGuard is a modern VPN protocol that aims for simplicity, speed, and security. It’s generally easier to configure than OpenVPN, and offers better performance in many scenarios.

Explanation: WireGuard uses cryptographic key pairs for authentication and encryption. Configuration is done through simple configuration files. Its streamlined design contributes to lower overhead and improved performance. As opposed to the first solution, this other method to Install Pritunl VPN Server and Client on Debian 11 is simpler and more efficient.
Steps (Simplified):
1. Install WireGuard:
```
sudo apt install wireguard
```
2. Generate Keys: Create private and public keys for both the server and the clients.
```
wg genkey | tee privatekey | wg pubkey > publickey
```
3. Configure the WireGuard Server: Create a server configuration file (/etc/wireguard/wg0.conf) with settings like interface address, listening port, and allowed clients (peers).
4. Configure Clients: Create client configuration files with the server’s public key, client’s private key, and allowed IP addresses.
5. Start the WireGuard Interface:
```
sudo wg-quick up wg0
```
6. Configure Firewall: Allow WireGuard traffic through the firewall (usually UDP port 51820).
Code Example (Snippet from wg0.conf – Server Configuration):
```
[Interface]
PrivateKey = <Server Private Key>
Address = 10.6.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <Client Public Key>
AllowedIPs = 10.6.0.2/32
```
Replace <Server Private Key>, <Client Public Key>, and eth0 with your actual values. This configures the server interface, sets up IP forwarding using iptables, and defines a single client peer. Remember to configure the client appropriately to match the server’s settings. This is a more modern approach to Install Pritunl VPN Server and Client on Debian 11.

Both OpenVPN (direct configuration) and WireGuard offer viable alternatives to Pritunl. The best choice depends on your technical expertise, performance requirements, and desired level of control.